Ruleset Update Summary - 2024/05/20 - v10599

rulesbot · May 20, 2024, 8:53pm

Summary:

35 new OPEN, 46 new PRO (35 + 11)

Added rules:

Open:

2052759 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (civilianurinedtsraov .shop) (malware.rules)
2052760 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stalfbaclcalorieeis .shop) (malware.rules)
2052761 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (employhabragaomlsp .shop) (malware.rules)
2052762 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (roomabolishsnifftwk .shop) (malware.rules)
2052763 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (museumtespaceorsp .shop) (malware.rules)
2052764 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (averageaattractiionsl .shop) (malware.rules)
2052765 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (buttockdecarderwiso .shop) (malware.rules)
2052766 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (femininiespywageg .shop) (malware.rules)
2052767 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (restlesslifestyewlo .shop) (malware.rules)
2052768 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bakefirefighteossw .shop) (malware.rules)
2052769 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (settlepresumerepeats .shop) (malware.rules)
2052770 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (preocucupationssk .shop) (malware.rules)
2052771 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (geneticsockkdwlsaw .shop) (malware.rules)
2052772 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (voicelighterrrepso .shop) (malware.rules)
2052773 - ET MALWARE Observed Lumma Stealer Related Domain (civilianurinedtsraov .shop in TLS SNI) (malware.rules)
2052774 - ET MALWARE Observed Lumma Stealer Related Domain (stalfbaclcalorieeis .shop in TLS SNI) (malware.rules)
2052775 - ET MALWARE Observed Lumma Stealer Related Domain (employhabragaomlsp .shop in TLS SNI) (malware.rules)
2052776 - ET MALWARE Observed Lumma Stealer Related Domain (roomabolishsnifftwk .shop in TLS SNI) (malware.rules)
2052777 - ET MALWARE Observed Lumma Stealer Related Domain (museumtespaceorsp .shop in TLS SNI) (malware.rules)
2052778 - ET MALWARE Observed Lumma Stealer Related Domain (averageaattractiionsl .shop in TLS SNI) (malware.rules)
2052779 - ET MALWARE Observed Lumma Stealer Related Domain (buttockdecarderwiso .shop in TLS SNI) (malware.rules)
2052780 - ET MALWARE Observed Lumma Stealer Related Domain (femininiespywageg .shop in TLS SNI) (malware.rules)
2052781 - ET MALWARE Observed Lumma Stealer Related Domain (restlesslifestyewlo .shop in TLS SNI) (malware.rules)
2052782 - ET MALWARE Observed Lumma Stealer Related Domain (bakefirefighteossw .shop in TLS SNI) (malware.rules)
2052783 - ET MALWARE Observed Lumma Stealer Related Domain (settlepresumerepeats .shop in TLS SNI) (malware.rules)
2052784 - ET MALWARE Observed Lumma Stealer Related Domain (preocucupationssk .shop in TLS SNI) (malware.rules)
2052785 - ET MALWARE Observed Lumma Stealer Related Domain (geneticsockkdwlsaw .shop in TLS SNI) (malware.rules)
2052786 - ET MALWARE Observed Lumma Stealer Related Domain (voicelighterrrepso .shop in TLS SNI) (malware.rules)
2052787 - ET MALWARE DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) (malware.rules)
2052788 - ET MALWARE Observed Lumma Stealer Domain (whispedwoodmoodsksl .shop in TLS SNI) (malware.rules)
2052789 - ET MALWARE Private Loader Related Activity (GET) (malware.rules)
2052790 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .glue .oystergardening .net) (malware.rules)
2052791 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .glue .oystergardening .net) (malware.rules)
2052792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamestockxchange .com) (exploit_kit.rules)
2052793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamestockxchange .com) (exploit_kit.rules)

Pro:

2856988 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2856989 - ETPRO MALWARE DNS Query to UNK China APT Domain (malware.rules)
2856990 - ETPRO MALWARE DNS Query to UNK China APT Domain (malware.rules)
2856991 - ETPRO MALWARE DNS Query to UNK China APT Domain (malware.rules)
2856992 - ETPRO MALWARE DNS Query to UNK China APT Domain (malware.rules)
2856993 - ETPRO MALWARE Observed UNK China APT Domain in TLS SNI (malware.rules)
2856994 - ETPRO MALWARE Observed UNK China APT Domain in TLS SNI (malware.rules)
2856995 - ETPRO MALWARE Observed UNK China APT Domain in TLS SNI (malware.rules)
2856996 - ETPRO MALWARE Observed UNK China APT Domain in TLS SNI (malware.rules)
2856997 - ETPRO MALWARE UNK China APT CnC Activity (GET) (malware.rules)
2856998 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	463	February 20, 2024
Ruleset Update Summary - 2024/03/27 - v10561 Ruleset Updates	185	March 27, 2024
Ruleset Update Summary - 2024/05/13 - v10594 Ruleset Updates	165	May 13, 2024
Ruleset Update Summary - 2024/04/04 - v10568 Ruleset Updates	195	April 4, 2024
Ruleset Update Summary - 2024/05/03 - v10589 Ruleset Updates	261	May 3, 2024

Ruleset Update Summary - 2024/05/20 - v10599

Summary:

Added rules:

Open:

Pro:

Related Topics